Risk management, strategy and analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

Compliance Trends Survey: Are CCOs Addressing the “Right” Risks?

Chief compliance officers (CCOs) have a wide range of responsibilities, from privacy to policy management and from investigations to anti-bribery training among other duties. The report, In Focus: Compliance Trends Survey 2014, released by Deloitte & Touche LLP and Compliance Week, identifies four “core” responsibilities, each one cited by at least 79% of respondents:

Compliance with domestic regulation

Compliance training

Code of conduct

Complaints and whistleblower hotlines

The report was generated from a survey of more than 200 compliance executives across corporate America and overseas. The four basic duties are the same for small and large companies, which suggests that a consensus is emerging on what compliance departments should oversee on a practical, daily basis, even if other, more specific risks vary greatly from one company to the next. Responsibility for several “regulation-specific” risks, such as the Foreign Corrupt Practices Act (FCPA) and anti-money laundering (AML) rules, edged down this year compared with 2013: from 62% to 58% for the FCPA, and from 40% to 38% for AML programs.

Nicole Sandford

“Bifurcated compliance responsibilities may be a practical reality for many companies, given the relatively small staff of the compliance departments, but it comes with risks,” says Nicole Sandford, partner and leader of the Governance and Enterprise Compliance practice, Deloitte & Touche LLP.

“Compliance officers really need to ask themselves: if something goes wrong in one of the areas that I don’t control, will I still be held accountable by the board, the executives or the regulators? If the answer is yes—and history has shown that to be the case in many instances—then CCOs should make a concerted effort to insert themselves into the process in a meaningful way,” adds Ms. Sandford.

Third-party relationships continue to be a prime source of anxiety for small and large companies. A sizeable 85% of all respondents say they are somehow reassessing their business links with joint-venture partners, suppliers, distributors, agents among others—although the vast majority of that number are either reviewing their risks with third parties or increasing their monitoring of them. Only 5% are specifically reducing third-party relationships and bringing those activities back in-house.

That’s not to say that many compliance departments exercise vigorous oversight of third-party risks. Seventeen percent of respondents say they “rarely or never” conduct background checks on third parties; 48% “sometimes” do. What’s more, the most common methods of oversight were passive: providing contractors with codes of conduct (48% of respondents) or requiring anti-corruption language in contracts (39%). Practices related to more active steps, such as training third parties on compliance programs or audits of third-party compliance, are somewhat inconsistent. Forty-two percent say they rarely or never provide third parties with compliance training, while 43% say they “sometimes” audit third-party compliance and 16% “always” do.

Tom Rollauer

The financial services sector takes more vigorous steps to address third-party risks. For example, while only 16% of all respondents say they always audit third parties for compliance, that number was 23% in the financial services sector. Likewise, they perform background checks more often (40% saying “always” versus 27% of the entire survey pool).

“Regulators expect companies to do a lot more regarding their vendors and other third parties,” says Tom Rollauer, executive director of the Deloitte Center for Regulatory Strategies, Deloitte & Touche LLP. “It’s not just about giving out their code of conduct; it’s about rigorous due diligence, training, oversight and performing periodic compliance reviews,” notes Mr. Rollauer.

About In Focus: Compliance Trends Survey 2014

“In Focus: Compliance Trends Survey 2014” is a joint report between Deloitte & Touche LLP and Compliance Week based on a survey of more than 200 senior-level executives, working in ethics, compliance, audit, risk management or corporate governance. It was a self-reported survey from Compliance Week’s audience of ethics and compliance professionals, and Deloitte and Compliance Week did not attempt to verify or audit the data reported by survey-takers.

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.